Comments (4)
"Extract dork from request path" Can you explain this point?
How was the existing dorks file created? (I mean, which sources were used?) And can we use the Google Hacking Database for the new dorks? (Or will they intersect with the old dorks?)
from tanner.
So the assumption is that an attacker is not trying to target just one vulnerability. So further requests probably also contain paths to a vulnerability. By taking the path (from the first slash from the left to an eventual question mark) and adding it to the dork list, we expand the attack surface of SNARE.
I used dorks from glastopf. I think they are originally from the Google Hacking DB. Intersection should be no problem. I think we should have one db for "good" dorks, dorks we got from the GHDB or which we added manually, and one dork db from requests. Consider also if we want to move the dorks into Redis so we don't have to keep them in the Python process memory.
Closed with ebf2f6a
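A sketch of the path extraction and the two-store split discussed in the comments above, as an added example that is not Tanner's code. `extract_dork`, `DorkStore`, `harvest` and the sample request targets are hypothetical names and constructed data; an in-memory set and counter stand in for whatever backing store is chosen.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample data, not taken from Tanner, glastopf or the GHDB.
CURATED_DORKS = {"/index.php", "/wp-login.php"}
SAMPLE_REQUEST_TARGETS = [
    "/phpmyadmin/index.php?lang=en",
    "/wp-login.php?action=register",   # already curated, must not be duplicated
    "/cgi-bin/test.cgi",
    "/",                               # bare root carries no dork
    "http://honeypot.example/phpmyadmin/index.php?db=mysql",  # absolute-form target
    "/phpmyadmin/index.php#frag",
    "*",                               # OPTIONS-style target, no path
]


def extract_dork(request_target):
    """Return the path from its first slash up to an eventual '?', or None."""
    # urlsplit drops scheme, host, query and fragment, so absolute-form
    # targets are cut at the path's first slash, not at the one in "http://".
    path = urlsplit(request_target).path
    if not path.startswith("/") or path == "/":
        return None
    return path


class DorkStore:
    """Keeps curated dorks apart from dorks harvested from requests."""

    def __init__(self, curated):
        self.curated = set(curated)   # "good" dorks, added manually
        self.harvested = Counter()    # path -> number of requests seen

    def observe(self, request_target):
        dork = extract_dork(request_target)
        # A path that intersects with the curated set is not stored twice.
        if dork is None or dork in self.curated:
            return None
        self.harvested[dork] += 1
        return dork


def harvest(targets, curated=CURATED_DORKS):
    """Feed request targets through a fresh store and return it."""
    store = DorkStore(curated)
    for target in targets:
        store.observe(target)
    return store
```

Keeping a hit count per harvested path makes it possible to review or prune request-derived dorks without touching the curated set.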